Web lists-archives.com

Re: [Samba] FEDORA 28 + SAMBA 4.8.5 --must-change-at-next-login don't work




On Wed, 2018-09-12 at 17:16 +0200, Karel Lang AFD via samba wrote:
> Hello,
> if anybody would kindly have anything to advice, please, please - do
> :-)
> 
> 
> SETUP:
> Fedora 28 + Samba 4.8.5 AD  (testing environment consisting of 1
> Samba 
> server and 1 joined windows machine and 1 account) :-)
> 
> PROBLEM:
> the "--must-change-at-next-login" is the problematic part
> 
> after creating user, with this attribute the user is authenticated
> OK 
> during FIRST Logon BUT!! when challenged to CHANGE password (as 
> expected) he/she can not change the pw as the DOMAIN stubbornly, 
> repeatedly says: password is EXPIRED
> 

This looks like:

https://bugzilla.samba.org/show_bug.cgi?id=13517

To confirm that, can you rebuild the RPMs to use the internal Heimdal
and see if it still reproduces?

I've CC'ed Andreas who leads the effort to have Samba use the MIT KDC
in case he has any more input.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba




-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba